Today, in on-line business, social and administrative interactions, we rely on cryptographic methods to provide security, authentication, integrity and non-repudiation. However, authentication and non-repudiation require a trusted third party (TTP) to provide such assurances. A TTP is also known as a trusted authority (TA) or certification authority (CA) and is managed by a Public Key Infrastructure (PKI).
There are inherent vulnerabilities in every use of a computer if the user does not have complete and absolute control of all processes running on the machine. Computers are essential to cryptography because of their practical computational power, but they have little influence on the mathematical principles of the process. A computer user's secret data or messages associated with the intended application can also be used in another application of which he is not aware, and his secret data and messages can be misused. To make things worse, there is no verifiability built into the message exchange process. When the user discovers that his data or message has been misused, it is often too late to repair the damage by revoking the message.
The new method adds anonymity with verifiability to the traditional set of cryptographic assurances. The role of the TTP diminishes, and there is no need for the TTP to exist once the application and participants are defined and set up with all necessary processes and tools in place. At this point, to further increase mutually assured trust, all knowledge accumulated at the single point of the TTP can be erased because there is no longer a need for it. In the traditional TTP role, this knowledge is permanently needed for the authorization, identification and revocation processes.
The benefits of anonymity are avoiding retaliation when disagreeing with authority during an interaction, and avoiding unnecessary strain on personal relationships. The value of on-line anonymity in business, public and management interactions is that it separates personal attributes from application role attributes and helps to focus attention on the application's core objectives.
Verifiability provides the capability to easily detect any alteration of a message in real time. Also, the process outcome can be independently verified without compromising the anonymity of other participants. If necessary, the revocation process can be initiated before real damage is inflicted.